| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #if V8_TARGET_ARCH_X87 | 5 #if V8_TARGET_ARCH_X87 |
| 6 | 6 |
| 7 #include "src/base/bits.h" | 7 #include "src/base/bits.h" |
| 8 #include "src/bootstrapper.h" | 8 #include "src/bootstrapper.h" |
| 9 #include "src/code-stubs.h" | 9 #include "src/code-stubs.h" |
| 10 #include "src/codegen.h" | 10 #include "src/codegen.h" |
| (...skipping 1592 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1603 __ TailCallRuntime( | 1603 __ TailCallRuntime( |
| 1604 is_strong(strength()) ? Runtime::kCompare_Strong : Runtime::kCompare, 3, | 1604 is_strong(strength()) ? Runtime::kCompare_Strong : Runtime::kCompare, 3, |
| 1605 1); | 1605 1); |
| 1606 } | 1606 } |
| 1607 | 1607 |
| 1608 __ bind(&miss); | 1608 __ bind(&miss); |
| 1609 GenerateMiss(masm); | 1609 GenerateMiss(masm); |
| 1610 } | 1610 } |
| 1611 | 1611 |
| 1612 | 1612 |
| 1613 static void CallStubInRecordCallTarget(MacroAssembler* masm, CodeStub* stub, | 1613 static void CallStubInRecordCallTarget(MacroAssembler* masm, CodeStub* stub) { |
| 1614 bool is_super) { | |
| 1615 // eax : number of arguments to the construct function | 1614 // eax : number of arguments to the construct function |
| 1616 // ebx : feedback vector | 1615 // ebx : feedback vector |
| 1617 // edx : slot in feedback vector (Smi) | 1616 // edx : slot in feedback vector (Smi) |
| 1618 // edi : the function to call | 1617 // edi : the function to call |
| 1619 // esp[0]: original receiver (for IsSuperConstructorCall) | |
| 1620 if (is_super) { | |
| 1621 __ pop(ecx); | |
| 1622 } | |
| 1623 | 1618 |
| 1624 { | 1619 { |
| 1625 FrameScope scope(masm, StackFrame::INTERNAL); | 1620 FrameScope scope(masm, StackFrame::INTERNAL); |
| 1626 | 1621 |
| 1627 // Number-of-arguments register must be smi-tagged to call out. | 1622 // Number-of-arguments register must be smi-tagged to call out. |
| 1628 __ SmiTag(eax); | 1623 __ SmiTag(eax); |
| 1629 __ push(eax); | 1624 __ push(eax); |
| 1630 __ push(edi); | 1625 __ push(edi); |
| 1631 __ push(edx); | 1626 __ push(edx); |
| 1632 __ push(ebx); | 1627 __ push(ebx); |
| 1633 if (is_super) { | |
| 1634 __ push(ecx); | |
| 1635 } | |
| 1636 | 1628 |
| 1637 __ CallStub(stub); | 1629 __ CallStub(stub); |
| 1638 | 1630 |
| 1639 if (is_super) { | |
| 1640 __ pop(ecx); | |
| 1641 } | |
| 1642 __ pop(ebx); | 1631 __ pop(ebx); |
| 1643 __ pop(edx); | 1632 __ pop(edx); |
| 1644 __ pop(edi); | 1633 __ pop(edi); |
| 1645 __ pop(eax); | 1634 __ pop(eax); |
| 1646 __ SmiUntag(eax); | 1635 __ SmiUntag(eax); |
| 1647 } | 1636 } |
| 1648 | |
| 1649 if (is_super) { | |
| 1650 __ push(ecx); | |
| 1651 } | |
| 1652 } | 1637 } |
| 1653 | 1638 |
| 1654 | 1639 |
| 1655 static void GenerateRecordCallTarget(MacroAssembler* masm, bool is_super) { | 1640 static void GenerateRecordCallTarget(MacroAssembler* masm) { |
| 1656 // Cache the called function in a feedback vector slot. Cache states | 1641 // Cache the called function in a feedback vector slot. Cache states |
| 1657 // are uninitialized, monomorphic (indicated by a JSFunction), and | 1642 // are uninitialized, monomorphic (indicated by a JSFunction), and |
| 1658 // megamorphic. | 1643 // megamorphic. |
| 1659 // eax : number of arguments to the construct function | 1644 // eax : number of arguments to the construct function |
| 1660 // ebx : feedback vector | 1645 // ebx : feedback vector |
| 1661 // edx : slot in feedback vector (Smi) | 1646 // edx : slot in feedback vector (Smi) |
| 1662 // edi : the function to call | 1647 // edi : the function to call |
| 1663 // esp[0]: original receiver (for IsSuperConstructorCall) | |
| 1664 Isolate* isolate = masm->isolate(); | 1648 Isolate* isolate = masm->isolate(); |
| 1665 Label initialize, done, miss, megamorphic, not_array_function; | 1649 Label initialize, done, miss, megamorphic, not_array_function; |
| 1666 | 1650 |
| 1667 // Load the cache state into ecx. | 1651 // Load the cache state into ecx. |
| 1668 __ mov(ecx, FieldOperand(ebx, edx, times_half_pointer_size, | 1652 __ mov(ecx, FieldOperand(ebx, edx, times_half_pointer_size, |
| 1669 FixedArray::kHeaderSize)); | 1653 FixedArray::kHeaderSize)); |
| 1670 | 1654 |
| 1671 // A monomorphic cache hit or an already megamorphic state: invoke the | 1655 // A monomorphic cache hit or an already megamorphic state: invoke the |
| 1672 // function without changing the state. | 1656 // function without changing the state. |
| 1673 // We don't know if ecx is a WeakCell or a Symbol, but it's harmless to read | 1657 // We don't know if ecx is a WeakCell or a Symbol, but it's harmless to read |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1719 __ bind(&initialize); | 1703 __ bind(&initialize); |
| 1720 // Make sure the function is the Array() function | 1704 // Make sure the function is the Array() function |
| 1721 __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, ecx); | 1705 __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, ecx); |
| 1722 __ cmp(edi, ecx); | 1706 __ cmp(edi, ecx); |
| 1723 __ j(not_equal, ¬_array_function); | 1707 __ j(not_equal, ¬_array_function); |
| 1724 | 1708 |
| 1725 // The target function is the Array constructor, | 1709 // The target function is the Array constructor, |
| 1726 // Create an AllocationSite if we don't already have it, store it in the | 1710 // Create an AllocationSite if we don't already have it, store it in the |
| 1727 // slot. | 1711 // slot. |
| 1728 CreateAllocationSiteStub create_stub(isolate); | 1712 CreateAllocationSiteStub create_stub(isolate); |
| 1729 CallStubInRecordCallTarget(masm, &create_stub, is_super); | 1713 CallStubInRecordCallTarget(masm, &create_stub); |
| 1730 __ jmp(&done); | 1714 __ jmp(&done); |
| 1731 | 1715 |
| 1732 __ bind(¬_array_function); | 1716 __ bind(¬_array_function); |
| 1733 CreateWeakCellStub weak_cell_stub(isolate); | 1717 CreateWeakCellStub weak_cell_stub(isolate); |
| 1734 CallStubInRecordCallTarget(masm, &weak_cell_stub, is_super); | 1718 CallStubInRecordCallTarget(masm, &weak_cell_stub); |
| 1735 __ bind(&done); | 1719 __ bind(&done); |
| 1736 } | 1720 } |
| 1737 | 1721 |
| 1738 | 1722 |
| 1739 void CallConstructStub::Generate(MacroAssembler* masm) { | 1723 void CallConstructStub::Generate(MacroAssembler* masm) { |
| 1740 // eax : number of arguments | 1724 // eax : number of arguments |
| 1741 // ebx : feedback vector | 1725 // ebx : feedback vector |
| 1742 // ecx : new target (for IsSuperConstructorCall) | |
| 1743 // edx : slot in feedback vector (Smi, for RecordCallTarget) | 1726 // edx : slot in feedback vector (Smi, for RecordCallTarget) |
| 1744 // edi : constructor function | 1727 // edi : constructor function |
| 1745 | 1728 |
| 1746 if (IsSuperConstructorCall()) { | |
| 1747 __ push(ecx); | |
| 1748 } | |
| 1749 | |
| 1750 Label non_function; | 1729 Label non_function; |
| 1751 // Check that function is not a smi. | 1730 // Check that function is not a smi. |
| 1752 __ JumpIfSmi(edi, &non_function); | 1731 __ JumpIfSmi(edi, &non_function); |
| 1753 // Check that function is a JSFunction. | 1732 // Check that function is a JSFunction. |
| 1754 __ CmpObjectType(edi, JS_FUNCTION_TYPE, ecx); | 1733 __ CmpObjectType(edi, JS_FUNCTION_TYPE, ecx); |
| 1755 __ j(not_equal, &non_function); | 1734 __ j(not_equal, &non_function); |
| 1756 | 1735 |
| 1757 if (RecordCallTarget()) { | 1736 GenerateRecordCallTarget(masm); |
| 1758 GenerateRecordCallTarget(masm, IsSuperConstructorCall()); | |
| 1759 | 1737 |
| 1760 Label feedback_register_initialized; | 1738 Label feedback_register_initialized; |
| 1761 // Put the AllocationSite from the feedback vector into ebx, or undefined. | 1739 // Put the AllocationSite from the feedback vector into ebx, or undefined. |
| 1762 __ mov(ebx, FieldOperand(ebx, edx, times_half_pointer_size, | 1740 __ mov(ebx, FieldOperand(ebx, edx, times_half_pointer_size, |
| 1763 FixedArray::kHeaderSize)); | 1741 FixedArray::kHeaderSize)); |
| 1764 Handle<Map> allocation_site_map = | 1742 Handle<Map> allocation_site_map = isolate()->factory()->allocation_site_map(); |
| 1765 isolate()->factory()->allocation_site_map(); | 1743 __ cmp(FieldOperand(ebx, 0), Immediate(allocation_site_map)); |
| 1766 __ cmp(FieldOperand(ebx, 0), Immediate(allocation_site_map)); | 1744 __ j(equal, &feedback_register_initialized); |
| 1767 __ j(equal, &feedback_register_initialized); | 1745 __ mov(ebx, isolate()->factory()->undefined_value()); |
| 1768 __ mov(ebx, isolate()->factory()->undefined_value()); | 1746 __ bind(&feedback_register_initialized); |
| 1769 __ bind(&feedback_register_initialized); | |
| 1770 | 1747 |
| 1771 __ AssertUndefinedOrAllocationSite(ebx); | 1748 __ AssertUndefinedOrAllocationSite(ebx); |
| 1772 } | |
| 1773 | 1749 |
| 1774 if (IsSuperConstructorCall()) { | 1750 // Pass new target to construct stub. |
| 1775 __ pop(edx); | 1751 __ mov(edx, edi); |
| 1776 } else { | |
| 1777 // Pass new target to construct stub. | |
| 1778 __ mov(edx, edi); | |
| 1779 } | |
| 1780 | 1752 |
| 1781 // Tail call to the function-specific construct stub (still in the caller | 1753 // Tail call to the function-specific construct stub (still in the caller |
| 1782 // context at this point). | 1754 // context at this point). |
| 1783 __ mov(ecx, FieldOperand(edi, JSFunction::kSharedFunctionInfoOffset)); | 1755 __ mov(ecx, FieldOperand(edi, JSFunction::kSharedFunctionInfoOffset)); |
| 1784 __ mov(ecx, FieldOperand(ecx, SharedFunctionInfo::kConstructStubOffset)); | 1756 __ mov(ecx, FieldOperand(ecx, SharedFunctionInfo::kConstructStubOffset)); |
| 1785 __ lea(ecx, FieldOperand(ecx, Code::kHeaderSize)); | 1757 __ lea(ecx, FieldOperand(ecx, Code::kHeaderSize)); |
| 1786 __ jmp(ecx); | 1758 __ jmp(ecx); |
| 1787 | 1759 |
| 1788 __ bind(&non_function); | 1760 __ bind(&non_function); |
| 1789 if (IsSuperConstructorCall()) __ Drop(1); | |
| 1790 __ mov(edx, edi); | 1761 __ mov(edx, edi); |
| 1791 __ Jump(isolate()->builtins()->Construct(), RelocInfo::CODE_TARGET); | 1762 __ Jump(isolate()->builtins()->Construct(), RelocInfo::CODE_TARGET); |
| 1792 } | 1763 } |
| 1793 | 1764 |
| 1794 | 1765 |
| 1795 void CallICStub::HandleArrayCase(MacroAssembler* masm, Label* miss) { | 1766 void CallICStub::HandleArrayCase(MacroAssembler* masm, Label* miss) { |
| 1796 // edi - function | 1767 // edi - function |
| 1797 // edx - slot id | 1768 // edx - slot id |
| 1798 // ebx - vector | 1769 // ebx - vector |
| 1799 __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, ecx); | 1770 __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, ecx); |
| (...skipping 3553 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5353 Operand(ebp, 7 * kPointerSize), NULL); | 5324 Operand(ebp, 7 * kPointerSize), NULL); |
| 5354 } | 5325 } |
| 5355 | 5326 |
| 5356 | 5327 |
| 5357 #undef __ | 5328 #undef __ |
| 5358 | 5329 |
| 5359 } // namespace internal | 5330 } // namespace internal |
| 5360 } // namespace v8 | 5331 } // namespace v8 |
| 5361 | 5332 |
| 5362 #endif // V8_TARGET_ARCH_X87 | 5333 #endif // V8_TARGET_ARCH_X87 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1471193002:
X87: [builtins] Sanitize the machinery around Construct calls. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master